Sunday, 1 July 2018

It’s not often that the UK is praised for the manner in which its intelligence agencies adopt appropriate data protection standards. So let's give due acknowledgement to Joe Cannataci, the UN’s Special Rapporteur on the right to privacy, who has recently used some very warm words to comment on these privacy practices.

Of the Investigatory Powers Act, he proclaimed: "I am satisfied that the UK systematically employs multiple safeguards which go to great lengths to ensure that unauthorised surveillance does not take place, and that when authorization is sought it is granted only after the necessity and proportionality of the surveillance measures are justified on a case-by-case basis ... Moreover from a UN perspective, I am greatly encouraged that the UK has translated its commitment to human rights globally into procedures which do not discriminate between UK citizens and non-UK citizens when it comes to safeguards and remedies available." And: "While the new set-up may still contain a number of imperfections, the UK has now equipped itself with a legal framework and significant resources designed to protect privacy without compromising security."

Of course nothing is ever perfect, so of course he recommended additional improvements. Why? Principally because he was not confident that the UK’s system could be replicated in other countries "where the culture many be different and not sufficiently robust in key aspects such as judicial integrity."

Mr Cannataci’s intervention at this stage is timely as it provides helpful briefing material for those who will need to argue that, come Brexit, the UK’s data protection standards are essentially equivalent to those of the EU, and that, therefore, the data flows between the UK and the EU should be permitted to continue without the need for additional protections in the guise of mostly incomprehensible (and stomach churning) data processing contracts.

Given that Mr Cannataci acknowledges that only "a tiny minority of EU states ... have made a successful effort to update their legislative and oversight frameworks deaing with surveillance," I say that, overall, and certainly in the areas where it really matters, the UK's data protection controls are actually better than those that exist in other EU countries. Reference:https://www.ohchr.org.uk/EN/NewsEvents/Pages?DisplayNews.aspx?NewsID+23297&LangID=E.

About Me

I'm Martin Hoskins, and I started this blog to offer somewhat of an irreverent approach to data protection issues. As time has passed, the tone of my posts have become more serious.
I'm not a "high priest" of data protection. I focus on the principles of transparency, fairness, practicality, risk-assessment and pragmatism when dealing with issues, rather than applying every aspect of every data protection rule.
While I may occasionally appear to criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity, so these comments should never be taken to represent anyone else's views on what I write about.
I occasionally tweet as @DataProtector.
You can contact me at:
info@martinhoskins.com.